[tor-relays] Is AES-NI enabled in tor? (was: A Question about aes-ni and the use of RAM)
Ivan Markin
twim at riseup.net
Thu Dec 22 18:12:00 UTC 2016
Please don't mix multiple questions into one thread.
Patrice:
> does anyone know if the aes-ni support of the motherboard is used by
> default? (I saw nothing in the logs.)
Tor does not implement crypto itself (mostly) and relies on a
cryptolibrary (which is OpenSSL/LibreSSL/etc) instead. Thus you should
check if AES-NI is enabled in your cryptolibrary.
An excerpt from StackOverflow answer [1] about it:
$ openssl speed -elapsed -evp aes-128-cbc
$ OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp
aes-128-cbc
"Output of the first line should be significantly faster than the
second." If there is no AES-NI enabled in "OpenSSL" these two should
give similar results.
N.B. AES-NI is not a feature of *motherboard* - it's CPU instructions
(NI stands for "New Instructions").
[1]
http://stackoverflow.com/questions/25284119/how-can-i-check-if-openssl-is-support-use-the-intel-aes-ni
--
Ivan Markin
More information about the tor-relays
mailing list